These slides go with the webinar linked below, in it we go over the topics covered in the slides and answer a few questions from people attending the live session.
http://lsntap.org/blogs/creating-technology-disaster-plan
4. Can be found on the
course page!
What We’ll Cover
What Could Happen?
Four Scenarios
Your First Response
Review Your Systems
Get Back Online
Other Planning Considerations
TABLE OF CONTENTS
6. Poll
Have you ever worked at an organization that suffered
significant data loss or destruction to the office?
A. Yes
B. No
C. Not sure
WHAT COULD HAPPEN?
7. There Are So Many
Potential Disasters
Which are most likely to
affect you? Do have a
plan to deal with those
disasters if/when they
occur?
WHAT COULD HAPPEN?
8. Flood
Look around the office.
What would happen if you
were standing in water?
Do you have computers
or servers on the ground?
WHAT COULD HAPPEN?
14. Poll
What kinds of disasters are you most worried about?
A. Flood
B. Earthquake
C. Tornado
D. Fire
E. Hacking/Ransomware
F. Staff errors
G. Other
WHAT COULD HAPPEN?
16. 1. Your Tech Is Gone
Imagine every piece of
technology is your office
is taken and replaced with
brand new equipment.
FOUR SCENARIOS
17. 2. The Power Is Out
Imagine that the power is
out for two full weeks.
How will that affect your
ability to get work done?
FOUR SCENARIOS
18. 3. A Senior Staff
Member Disappears
Image that your Executive
Director or IT Director
were to disappear
suddenly. Would you
have access to work files,
financials, accounts, or
other organizational
resources?
FOUR SCENARIOS
19. 4. There’s a Breach
Imagine that donor credit
card information, social
security numbers, or
sensitive case information
are stolen. How will you
respond?
FOUR SCENARIOS
21. Is Everyone Safe?
Check in with staff,
volunteers, and anyone
else who might be in your
office during or just after a
disaster.
YOUR FIRST RESPONSE
22. Declare the Incident
• Announce what
happened.
• Alert the team.
• Initiate the plan.
YOUR FIRST RESPONSE
24. Define Roles
Assigning roles to key
staff members will speed
up the recovery and cut
down on chaos and
confusion.
Just make sure you have
a secondary person to
step in if the primary
person is not available to
carry out their role.
Credit: Women of Color in Tech Chat
YOUR FIRST RESPONSE
25. Typical Roles
Executive Director: Manages the recovery and is the broad decision
maker.
IT Director: Directs and executes the recovery of data, computers,
infrastructure hardware, networks, software, and any other technology.
Operations Director: Manages the recovery of the building and
facilities.
HR Director: Manages staff and informs them of the recovery
progress.
Program Directors: Provide input into the data and services related to
programs.
Communications Director: Communicates with supporters, donors,
and the media.
YOUR FIRST RESPONSE
26. Keep a Directory
Create a handy directory
that includes multiple ways
to contact each person.
Don’t forget non-staff
contacts such as the
building manager or
facilities staff, IT
consultants, security system
company, insurance
company, internet service
provider, and others.
YOUR FIRST RESPONSE
27. Establish a Meeting
Place
If your office is damaged,
people will need
somewhere to go where
you all can talk and
regroup.
YOUR FIRST RESPONSE
28. Also Have a Plan B
Your meeting place might
be right in the middle of
the disaster.
YOUR FIRST RESPONSE
29. What Else Do People
Need?
Food? Shelter?
Transportation? Think
about what your
organization will provide
to make it easier for your
staff members to get
through the disaster.
YOUR FIRST RESPONSE
30. Poll
How confident are you that you’ll be able to reach
everyone associated with your nonprofit that you need to
contact in an emergency?
A. Very confident
B. Somewhat confident
C. Not very confident
D. Extremely unconfident
YOUR FIRST RESPONSE
32. What Is the Acceptable
Level of Risk?
The question is bigger
than IT. You’re making
decisions about the long-
term wellbeing of your
organization.
REVIEW YOUR SYSTEMS
35. Poll
How important is it that your organization continuously
provides services during a disaster?
5 (Every minute counts.)
4
3
2
1 (We could close for a few days and everything would
be fine.)
REVIEW YOUR SYSTEMS
36. What Are Your
Essential Functions?
Rank the activities or
functions of your
organization by what’s
most essential. The top
ranked functions are what
you’ll restore first.
REVIEW YOUR SYSTEMS
38. Match Equipment to
Essential Functions
This will help you
prioritize what to fix,
replace, or get back
online first.
REVIEW YOUR SYSTEMS
39. Think About Processes
If you don’t have all of
your tools, can you still
get the job done? How
might your process need
to change to accomplish
this? Document these
alternative processes.
REVIEW YOUR SYSTEMS
40. Duplication?
If there’s something you
can’t live without, you
may need to duplicate it
elsewhere to ensure that
it’s immediately available.
REVIEW YOUR SYSTEMS
41. How Will You Contain
an Infection?
If your systems suffer a
malware attack you’ll
need to:
• Disconnect
compromised systems.
• Collect important data.
• Gather external
intelligence.
• Safeguard all systems
and media.
• Collect Logs.
Source: Cybersecurity Ninja Series from
RoundTable Technology
REVIEW YOUR SYSTEMS
42. What About Paper?
Make sure you have
digital copies of paper
files. Also, don’t overlook
the value of having paper
copies of essential files.
In cases where the digital
files are inaccessible,
paper might save you.
REVIEW YOUR SYSTEMS
43. Into the Chat
What’s the first process or technology you’ll need to
recover?
REVIEW YOUR SYSTEMS
45. Sandy Was on the
Way
Mary O’Shaughnessy,
Executive Director,
quickly made a plan a
couple of days before the
storm struck.
REVIEW YOUR SYSTEMS
46. Powered Down
In anticipation of losing
power, she shut down all
electrical devices in the
office, including servers,
computers, and copiers.
REVIEW YOUR SYSTEMS
47. Closed for the Week
As Manhattan flooded,
O’Shaughnessy decided
to close the office for a
week.
REVIEW YOUR SYSTEMS
48. Fast Recovery
Once the water had
receded and the power
was back on, all Her
Justice had to do was
turn its servers and
computers back on and it
could get back to work.
REVIEW YOUR SYSTEMS
49. The Incident Prompted
Planning
Her Justice took another
look at its infrastructure
and processes and
decided that the Cloud
was a better choice.
REVIEW YOUR SYSTEMS
51. Replacing Hardware
If your hardware was
damaged in the disaster,
how will you replace it?
Keep a list of approved
vendors and approximate
pricing so that it’s easy to
replace the hardware
quickly.
GETTING BACK ONLINE
52. Where Is Your Data?
Did you lose data or
suffer damage to your
servers? Inventory what
data is still intact and
accessible and what isn’t.
GETTING BACK ONLINE
53. Are You Confident in
Your Backups?
Are you sure your data is
being backed up
properly? How confident
are you that you’ll be able
to restore a backup
quickly and thoroughly?
It’s wise to practice
restoring a backup once
each month.
GETTING BACK ONLINE
54. Poll
How confident are you that your nonprofit could restore a
backup within a few hours?
A. Very confident
B. Somewhat confident
C. Not very confident
D. Extremely unconfident
GETTING BACK ONLINE
56. Workday vs. Weekend
How will your response
need to be different if
people are in the office
versus at home?
OTHER PLANNING CONSIDERATIONS
57. Training and Practice
Until you walk through it,
there are a lot of small
details that can be easy
to overlook.
OTHER PLANNING CONSIDERATIONS
58. Are You Insured?
Look through your
policies and find out what
they cover and what they
don’t.
OTHER PLANNING CONSIDERATIONS
59. Put Your Plan on
Paper
If it’s in your head, it will
do no one any good if
you’re unavailable. Also,
chances are you’ve
overlooked something.
OTHER PLANNING CONSIDERATIONS
60. Safely Store Your Plan
Keep your plan in multiple
secure locations. In the
Cloud, on a thumb drive,
and on paper are all good
options.
OTHER PLANNING CONSIDERATIONS
61. In Review
1. Imagine the worst—what kind of disaster could strike
your organization?
2. Be ready to respond quickly—how will you make
sure staff are safe and rally everyone?
3. Review your systems—review and prioritize your
activities and the systems that support them.
4. Consider the processes and procedures for getting
back online.
5. Don’t forget the small details!
6. Write out your plan—put everything you’ve thought
about today into a written plan that guides your
organization through the recovery process.
OTHER PLANNING CONSIDERATIONS
62. Safety Matters
For more information on
how to help your staff
members stay safe in an
emergency, visit:
• www.ready.gov/workpla
ce-plans
• www.redcross.org/get-
help/prepare-for-
emergencies/workplac
es-and-organizations
OTHER PLANNING CONSIDERATIONS
63. THANK YOU FOR JOINING US!
Questions?
Don’t forget to fill out our survey:
[Link]
Notas del editor
So what does this all mean? How do you get started?
Water creates a whole bunch of problems. Anything electrical will be damaged, but you’ll also likely be out of the office for a while even after the water recedes because the carpets will need to be taken out and everything will need to be dried thoroughly to prevent mold.
There’s a chance you have to give up on your building. Do you have a way of working outside your building? Is your database or other software in the cloud and can people temportarily work from home or at another site?
Remember, things will not only burn, but water damage is likely to occur from sprinklers and other measures intended to put the fire out.
What protocol do you have in place to jump into action to contain the infection and clean it up before something worse happens? Will someone on staff even know what to do?
These four scenarios cover most disasters—natural or otherwise.
In this scenario, what information will have been lost forever? How long would it take your organization to access the data that is backed up? Consider not just files, but databases and applications such as accounting software, fundraising, membership, email and all the things your organization needs to function.
In this scenario, what information is accessible to your staff during those two weeks? Again, consider not just files, but databases and applications such as accounting software, fundraising, membership, email and all the things your organization needs to function.
Don’t worry, they are OK. Blissful. But gone. You have no idea where they went and you can’t talk to them about anything. Ever. What information did they have about your organization that no one else has? What organizational functions will struggle the most without them?
Donor’s credit card information. Client’s SSNs. How will you handle this? Who will communicate with constituents? Who will manage the response?
VoiP? Other issues…. If power goes out
Typically the ED is the leader/chair
Also include program leadership, IT, HR, operations, and communications. Your plan should spell out what each one does and when in the course of the incident.
Also note that people should be assigned to contact others so that no one gets overlooked. Some sort of phone tree method might work.
Also, have a plan B. Example of Her Justice
A community theatre might not do a ton of prevention or take extraordinary steps to recover after a disaster—especially if credit card information is not stored on site.
Whereas a domestic violence shelter needs to protect victims’ identity so that abusers can’t find them. And if the facility is unlivable, they still need a place to sleep that’s secure—you don’t want to have to make someone sleep on the street. In this case, having redundancies/or backup plans to ensure that information is secure and that shelter guests have a place to go is extraordinarily important and all has to be detailed in the plan.
The most extreme example is a facility that everyone can move to right away. More likely is a server environment in the Cloud or stored at another location.
With power out there was no email, so not much else they could do. Only could check voicemail because they had VOIP lines. Contrast this with a food pantry or health care organization that would have to find a way to stay operating.
Double check your insurance coverage to make sure your hardware is covered in a disaster
Talk about how restoring backups can sometimes be tricky and reinforce the point that just because you’re using Cloud storage doesn’t mean that your backing up everything properly. For example, if you’re using a sync and a file gets corrupted or infected, then every synced version will also be affected.
For example: Where is the key to the server closet? Who can access the building after hours?